aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-03-27coroutine: avoid co_queue_wakeup recursionStefan Hajnoczi
qemu_aio_coroutine_enter() is (indirectly) called recursively when processing co_queue_wakeup. This can lead to stack exhaustion. This patch rewrites co_queue_wakeup in an iterative fashion (instead of recursive) with bounded memory usage to prevent stack exhaustion. qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter() and the qemu_coroutine_enter() call is turned into a loop to avoid recursion. There is one change that is worth mentioning: Previously, when coroutine A queued coroutine B, qemu_co_queue_run_restart() entered coroutine B from coroutine A. If A was terminating then it would still stay alive until B yielded. After this patch B is entered by A's parent so that a A can be deleted immediately if it is terminating. It is safe to make this change since B could never interact with A if it was terminating anyway. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20180322152834.12656-3-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-03-27queue: add QSIMPLEQ_PREPEND()Stefan Hajnoczi
QSIMPLEQ_CONCAT(a, b) joins a = a + b. The new QSIMPLEQ_PREPEND(a, b) API joins a = b + a. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20180322152834.12656-2-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2018-03-27Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20180326' into stagingPeter Maydell
Fix a decodetree problem with 16-bit insns # gpg: Signature made Mon 26 Mar 2018 15:35:04 BST # gpg: using RSA key 64DF38E8AF7E215F # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-dt-20180326: scripts/decodetree: Fix insnmask not marked as global in main() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-26Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches # gpg: Signature made Mon 26 Mar 2018 15:33:01 BST # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: qemu-iotests: Test vhdx image creation with QMP vhdx: Check for 4 GB maximum log size on creation vhdx: Don't use error_setg_errno() with constant errno vhdx: Require power-of-two block size on create qemu-iotests: Test parallels image creation with QMP parallels: Check maximum cluster size on create qemu-iotests: Test invalid resize on luks luks: Turn another invalid assertion into check qemu-iotests: Enable 025 for luks qemu-iotests: Test vdi image creation with QMP vdi: Fix build with CONFIG_VDI_DEBUG vdi: Change 'static' create option to 'preallocation' in QMP qcow2: Reset free_cluster_index when allocating a new refcount block include/block/block_int: Document protocol related functions block/blkreplay: Remove protocol-related fields block/throttle: Remove protocol-related fields block/quorum: Remove protocol-related fields block/replication: Remove protocol_name field iotests: 163 is not quick Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-26scripts/decodetree: Fix insnmask not marked as global in main()Bastian Koppelmann
if '-w 16' was given as a cmdline args a local copy of insnmask is set and not the global one. Signed-off-by: Peer Adelt <peer.adelt@hni.uni-paderborn.de> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Message-Id: <20180319115846.9662-1-kbastian@mail.uni-paderborn.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2018-03-26Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
Miscellaenous bugfixes, including crash fixes from Alexey, Peter M. and Thomas. # gpg: Signature made Mon 26 Mar 2018 13:37:38 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: qemu-pr-helper: Actually allow users to specify pidfile chardev/char-fe: Allow NULL chardev in qemu_chr_fe_init() iothread: fix breakage on windows scsi: turn "is this a SCSI device?" into a conditional hint chardev-socket: remove useless if tcg: Really fix cpu_io_recompile vhost-user-test: add back memfd check vhost-user-test: do not hang if chardev creation failed scripts/device-crash-test: Remove fixed isapc-with-iommu entry hw/audio: Fix crashes when devices are used on ISA bus without DMA fdc: Exit if ISA controller does not support DMA hw/net/can: Fix segfaults when using the devices without bus WHPX improve vcpu_post_run perf WHPX fix WHvSetPartitionProperty in PropertyCode WHPX fix WHvGetCapability out WrittenSizeInBytes scripts/get_maintainer.pl: Print proper error message for missing $file Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-26qemu-pr-helper: Actually allow users to specify pidfileMichal Privoznik
Due to wrong specification of arguments to getopt_long() any attempt to set pidfile resulted in: 1) the default to be leaked 2) the @pidfile variable to be set to NULL (because optarg is NULL without this patch). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Message-Id: <6f10cd53d361a395aa0e85a9311ec4e9a8fc11e5.1521868451.git.mprivozn@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26chardev/char-fe: Allow NULL chardev in qemu_chr_fe_init()Peter Maydell
All the functions in char-fe.c handle the CharBackend having a NULL Chardev pointer, which means that the backend exists but is not connected to anything. The exception is qemu_chr_fe_init(), which will crash if passed a NULL Chardev pointer argument. This can happen for various boards if they're started with 'nodefaults': arm-softmmu/qemu-system-arm -S -nodefaults -M cubieboard riscv32-softmmu/qemu-system-riscv32 -nodefaults -M sifive_e Make qemu_chr_fe_init() accept a NULL chardev. This allows UART models to handle NULL chardev properties without generally needing to special case them or to manually create a NullChardev. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180323152948.27048-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26iothread: fix breakage on windowsPeter Xu
OOB can enable iothread for parsing even on Windows. We need some tunes to enable that on Windows otherwise it'll break Windows users. This patch fixes the breakage on Windows with qemu-system-ppc.exe. Reported-by: Howard Spoelstra <hsp.cat7@gmail.com> Tested-by: Howard Spoelstra <hsp.cat7@gmail.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180322085630.23654-1-peterx@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26scsi: turn "is this a SCSI device?" into a conditional hintPaolo Bonzini
If the user does not have permissions to send ioctls to the device (due to SELinux or cgroups, for example), the output can look like qemu-kvm: -device scsi-block,drive=disk: cannot get SG_IO version number: Operation not permitted. Is this a SCSI device? but this is confusing because the ioctl was blocked _before_ the device even received the SG_GET_VERSION_NUM ioctl. Therefore, for EPERM errors the suggestion should be eliminated. To make that simpler, change the code to use error_append_hint. Reported-by: Ala Hino <ahino@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26chardev-socket: remove useless ifPaolo Bonzini
This trips Coverity, which believes the subsequent qio_channel_create_watch can dereference a NULL pointer. In reality, tcp_chr_connect's callers all have s->ioc properly initialized, since they are all rooted at tcp_chr_new_client. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26tcg: Really fix cpu_io_recompileRichard Henderson
We have confused the number of instructions that have been executed in the TB with the number of instructions needed to repeat the I/O instruction. We have used cpu_restore_state_from_tb, which means that the guest pc is pointing to the I/O instruction. The only time the answer to the later question is not 1 is when MIPS or SH4 need to re-execute the branch for the delay slot as well. We must rely on cpu->cflags_next_tb to generate the next TB, as otherwise we have a race condition with other guest cpus within the TB cache. Fixes: 0790f86861079b1932679d0f011e431aaf4ee9e2 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20180319031545.29359-1-richard.henderson@linaro.org> Tested-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26vhost-user-test: add back memfd checkMarc-André Lureau
This revert commit fb68096da3d35e64c88cd610c1fa42766c58e92a, and modify test_read_guest_mem() to use different chardev names, when using memfd (_test_server_free(), where the chardev is removed, runs in idle). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180215212552.26997-4-marcandre.lureau@redhat.com> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26vhost-user-test: do not hang if chardev creation failedMarc-André Lureau
Before the chardev name fix, the following error may happen: "attempt to add duplicate property 'chr-test' to object (type 'container')", due to races. Sadly, error_vprintf() uses g_test_message(), so you have to use read the cryptic --debug-log to see it. Later, it would make sense to use g_critical() instead, and catch errors with g_test_expect_message() (in glib 2.34). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180215212552.26997-5-marcandre.lureau@redhat.com> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26scripts/device-crash-test: Remove fixed isapc-with-iommu entryThomas Huth
Fixed in a0c167a18470831e359f0538c3cf67907808f13e ("x86_iommu: check if machine has PCI bus"). Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1521193892-15552-5-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26hw/audio: Fix crashes when devices are used on ISA bus without DMAThomas Huth
The cs4231a, gus and sb16 sound cards crash QEMU when the user tries to instantiate them on a machine with DMA-less ISA bus (for example with "qemu-system-mips64el -M mips -device sb16"). Add proper checks to the realize functions to avoid the crashes. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1521193892-15552-4-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26fdc: Exit if ISA controller does not support DMAAlexey Kardashevskiy
A "powernv" machine type defines an ISA bus but it does not add any DMA controller to it so it is possible to hit assert(fdctrl->dma) by adding "-machine powernv -device isa-fdc". This replaces assert() with an error message. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> [thuth: Slightly adjusted error message and updated scripts/device-crash-test] Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1521193892-15552-3-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26hw/net/can: Fix segfaults when using the devices without busThomas Huth
The CAN devices can currently be used to crash QEMU, e.g.: $ x86_64-softmmu/qemu-system-x86_64 -device kvaser_pci Segmentation fault (core dumped) So we've got to add a proper check here that the corresponding bus is available. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1521193892-15552-2-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26WHPX improve vcpu_post_run perfJustin Terry (VM)
This removes the additional call to WHvGetVirtualProcessorRegisters in whpx_vcpu_post_run now that the WHV_VP_EXIT_CONTEXT is returned in all WHV_RUN_VP_EXIT_CONTEXT structures. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> Message-Id: <1521039163-138-4-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26WHPX fix WHvSetPartitionProperty in PropertyCodeJustin Terry (VM)
This fixes a breaking change to WHvSetPartitionProperty to pass the 'in' PropertyCode on function invocation introduced in Windows Insider SDK 17110. Usage of this indicates the PropertyCode of the opaque PropertyBuffer passed in on function invocation. Also fixes the removal of the PropertyCode parameter from the WHV_PARTITION_PROPERTY struct as it is now passed to the function directly. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> Message-Id: <1521039163-138-3-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26WHPX fix WHvGetCapability out WrittenSizeInBytesJustin Terry (VM)
This fixes a breaking change to WHvGetCapability to include the 'out' WrittenSizeInBytes introduced in Windows Insider SDK 17110. This specifies on return the safe length to read into the WHV_CAPABILITY structure passed to the call. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> Message-Id: <1521039163-138-2-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-03-26scripts/get_maintainer.pl: Print proper error message for missing $fileIan Jackson
If you pass scripts/get_maintainer.pl the name of a FIFO or other exciting object (/dev/stdin, for example), it would falsely print "file not found". Instead: stat the object rather than using -f so that we do not mind if the object is not a file; and print the errno value in the error message. Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Thomas Huth <thuth@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <1520535787-6223-13-git-send-email-ian.jackson@eu.citrix.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
2018-03-26qemu-iotests: Test vhdx image creation with QMPKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26vhdx: Check for 4 GB maximum log size on creationKevin Wolf
It's unclear what the real maximum is, but we use an uint32_t to store the log size in vhdx_co_create(), so we should check that the given value fits in 32 bits. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
2018-03-26vhdx: Don't use error_setg_errno() with constant errnoKevin Wolf
error_setg_errno() is meant for cases where we got an errno from the OS that can add useful extra information to an error message. It's pointless if we pass a constant errno, these cases should use plain error_setg(). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
2018-03-26vhdx: Require power-of-two block size on createKevin Wolf
Images with a non-power-of-two block size are invalid and cannot be opened. Reject such block sizes when creating an image. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com>
2018-03-26qemu-iotests: Test parallels image creation with QMPKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26parallels: Check maximum cluster size on createKevin Wolf
It's unclear what the real maximum cluster size is for the Parallels format, but let's at least make sure that we don't get integer overflows in our .bdrv_co_create implementation. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2018-03-26qemu-iotests: Test invalid resize on luksKevin Wolf
This tests that the .bdrv_truncate implementation for luks doesn't crash for invalid image sizes. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2018-03-26luks: Turn another invalid assertion into checkKevin Wolf
Commit e39e959e fixed an invalid assertion in the .bdrv_length implementation, but left a similar assertion in place for .bdrv_truncate. Instead of crashing when the user requests a too large image size, fail gracefully. A file size of exactly INT64_MAX caused failure before, but is actually legal. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-26qemu-iotests: Enable 025 for luksKevin Wolf
We want to test resizing even for luks. The only change that is needed is to explicitly zero out new space for luks because it's undefined. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2018-03-26qemu-iotests: Test vdi image creation with QMPKevin Wolf
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2018-03-26vdi: Fix build with CONFIG_VDI_DEBUGKevin Wolf
Use qemu_uuid_unparse() instead of uuid_unparse() to make vdi.c compile again when CONFIG_VDI_DEBUG is set. In order to prevent future bitrot, replace '#ifdef CONFIG_VDI_DEBUG' by 'if (VDI_DEBUG)' so that the compiler always sees the code. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2018-03-26vdi: Change 'static' create option to 'preallocation' in QMPKevin Wolf
What static=on really does is what we call metadata preallocation for other block drivers. While we can still change the QMP interface, make it more consistent by using 'preallocation' for VDI, too. This doesn't implement any new functionality, so the only supported preallocation modes are 'off' and 'metadata' for now. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2018-03-26qcow2: Reset free_cluster_index when allocating a new refcount blockAlberto Garcia
When we try to allocate new clusters we first look for available ones starting from s->free_cluster_index and once we find them we increase their reference counts. Before we get to call update_refcount() to do this last step s->free_cluster_index is already pointing to the next cluster after the ones we are trying to allocate. During update_refcount() it may happen however that we also need to allocate a new refcount block in order to store the refcounts of these new clusters (and to complicate things further that may also require us to grow the refcount table). After all this we don't know if the clusters that we originally tried to allocate are still available, so we return -EAGAIN to ask the caller to restart the search for free clusters. This is what can happen in a common scenario: 1) We want to allocate a new cluster and we see that cluster N is free. 2) We try to increase N's refcount but all refcount blocks are full, so we allocate a new one at N+1 (where s->free_cluster_index was pointing at). 3) Once we're done we return -EAGAIN to look again for a free cluster, but now s->free_cluster_index points at N+2, so that's the one we allocate. Cluster N remains unallocated and we have a hole in the qcow2 file. This can be reproduced easily: qemu-img create -f qcow2 -o cluster_size=512 hd.qcow2 1M qemu-io -c 'write 0 124k' hd.qcow2 After this the image has 132608 bytes (256 clusters), and the refcount block is full. If we write 512 more bytes it should allocate two new clusters: the data cluster itself and a new refcount block. qemu-io -c 'write 124k 512' hd.qcow2 However the image has now three new clusters (259 in total), and the first one of them is empty (and unallocated): dd if=hd.qcow2 bs=512c skip=256 count=1 | hexdump -C If we write larger amounts of data in the last step instead of the 512 bytes used in this example we can create larger holes in the qcow2 file. What this patch does is reset s->free_cluster_index to its previous value when alloc_refcount_block() returns -EAGAIN. This way the caller will try to allocate again the original clusters if they are still free. The output of iotest 026 also needs to be updated because now that images have no holes some tests fail at a different point and the number of leaked clusters is different. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26include/block/block_int: Document protocol related functionsFabiano Rosas
Clarify that: - for protocols the brdv_file_open function is used instead of bdrv_open; - when protocol_name is set, a driver should expect to be given only a filename and no other options. Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26block/blkreplay: Remove protocol-related fieldsFabiano Rosas
The blkreplay driver is not a protocol so it should implement bdrv_open instead of bdrv_file_open and not provide a protocol_name. Attempts to invoke this driver using protocol syntax (i.e. blkreplay:<filename:options:...>) will now fail gracefully: $ qemu-img info blkreplay:foo qemu-img: Could not open 'blkreplay:foo': Unknown protocol 'blkreplay' Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26block/throttle: Remove protocol-related fieldsFabiano Rosas
The throttle driver is not a protocol so it should implement bdrv_open instead of bdrv_file_open and not provide a protocol_name. Attempts to invoke this driver using protocol syntax (i.e. throttle:<filename:options:...>) will now fail gracefully: $ qemu-img info throttle:foo qemu-img: Could not open 'throttle:foo': Unknown protocol 'throttle' Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26block/quorum: Remove protocol-related fieldsFabiano Rosas
The quorum driver is not a protocol so it should implement bdrv_open instead of bdrv_file_open and not provide a protocol_name. Attempts to invoke this driver using protocol syntax (i.e. quorum:<filename:options:...>) will now fail gracefully: $ qemu-img info quorum:foo qemu-img: Could not open 'quorum:foo': Unknown protocol 'quorum' Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26block/replication: Remove protocol_name fieldFabiano Rosas
The protocol_name field is used when selecting a driver via protocol syntax (i.e. <protocol_name>:<filename:options:...>). Drivers that are only selected explicitly (e.g. driver=replication,mode=primary,...) should not have a protocol_name. This patch removes the protocol_name field from the brdv_replication structure so that attempts to invoke this driver using protocol syntax will fail gracefully: $ qemu-img info replication:foo qemu-img: Could not open 'replication:': Unknown protocol 'replication' Buglink: https://bugs.launchpad.net/qemu/+bug/1726733 Signed-off-by: Fabiano Rosas <farosas@linux.vnet.ibm.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26iotests: 163 is not quickEric Blake
Testing on ext4, most 'quick' qcow2 tests took less than 5 seconds, but 163 took more than 20. Let's remove it from the quick set. Signed-off-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-03-26Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon 26 Mar 2018 07:53:27 BST # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net/vde: print error on vde_open() failure virtio_net: flush uncompleted TX on reset Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-26net/vde: print error on vde_open() failureJulia Suvorova via Qemu-devel
Despite the fact that now when the initialization of vde fails, qemu does not end silently, no informative error is printed. The patch generates an error and pushes it through the calling function. Related bug: https://bugs.launchpad.net/qemu/+bug/676029 Signed-off-by: Julia Suvorova <jusual@mail.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-03-26virtio_net: flush uncompleted TX on resetGreg Kurz
If the backend could not transmit a packet right away for some reason, the packet is queued for asynchronous sending. The corresponding vq element is tracked in the async_tx.elem field of the VirtIONetQueue, for later freeing when the transmission is complete. If a reset happens before completion, virtio_net_tx_complete() will push async_tx.elem back to the guest anyway, and we end up with the inuse flag of the vq being equal to -1. The next call to virtqueue_pop() is then likely to fail with "Virtqueue size exceeded". This can be reproduced easily by starting a guest with an hubport backend that is not connected to a functional network, eg, -device virtio-net-pci,netdev=hub0 -netdev hubport,id=hub0,hubid=0 and no other -netdev hubport,hubid=0 on the command line. The appropriate fix is to ensure that such an asynchronous transmission cannot survive a device reset. So for all queues, we first try to send the packet again, and eventually we purge it if the backend still could not deliver it. CC: qemu-stable@nongnu.org Reported-by: R. Nageswara Sastry <nasastry@in.ibm.com> Buglink: https://github.com/open-power-host-os/qemu/issues/37 Signed-off-by: Greg Kurz <groug@kaod.org> Tested-by: R. Nageswara Sastry <nasastry@in.ibm.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-03-25Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20180323' into staging target-arm queue: * arm/translate-a64: don't lose interrupts after unmasking via write to DAIF * sdhci: fix incorrect use of Error * * hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses * hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 * i.MX: Support serial RS-232 break properly * mach-virt: Set VM's SMBIOS system version to mc->name * target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK * target/arm: Factor out code to calculate FSR for debug exceptions * target/arm: Set FSR for BKPT, BRK when raising exception * target/arm: Always set FAR to a known unknown value for debug exceptions # gpg: Signature made Fri 23 Mar 2018 18:48:57 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180323: target/arm: Always set FAR to a known unknown value for debug exceptions target/arm: Set FSR for BKPT, BRK when raising exception target/arm: Factor out code to calculate FSR for debug exceptions target/arm: Honour MDCR_EL2.TDE when routing exceptions due to BKPT/BRK mach-virt: Set VM's SMBIOS system version to mc->name i.MX: Support serial RS-232 break properly hw/arm/bcm2836: Use the Cortex-A7 instead of Cortex-A15 hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses sdhci: fix incorrect use of Error * arm/translate-a64: treat DISAS_UPDATE as variant of DISAS_EXIT Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-24Merge remote-tracking branch ↵Peter Maydell
'remotes/dgilbert/tags/pull-migration-20180323a' into staging Migration fixes for 2.12 All small fixes. Dan's is a missing piece of a cleanup that finally completes something, and between Paolo, Dan and myself we recon it's still on the edge of being a bug fix. # gpg: Signature made Fri 23 Mar 2018 20:17:40 GMT # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20180323a: migration: Fix block migration flag case migration/block: compare only read blocks against the rate limiter migration/block: limit the number of parallel I/O requests migration: Fix rate limiting issue on RDMA migration migration: convert socket server to QIONetListener Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-24Merge remote-tracking branch 'remotes/marcel/tags/rdma-pull-request' into ↵Peter Maydell
staging * fix PVRDMA compilation errors and warnings * implement query_qp for the PVRDMA device * fix make - switch from -I to -iquote # gpg: Signature made Fri 23 Mar 2018 15:39:23 GMT # gpg: using RSA key 36D4C0F0CF2FE46D # gpg: Good signature from "Marcel Apfelbaum <marcel@redhat.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D * remotes/marcel/tags/rdma-pull-request: hw/rdma: Fix 32-bit compilation hw/rdma: Use correct print format in CHK_ATTR macro hw/rdma: Change host_virt to void * hw/rdma: fix clang compilation errors make: switch from -I to -iquote rdma: fix up include directives hw/rdma: Add support for Query QP verb to pvrdma device hw/rdma: Add Query QP operation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-23target/arm: Always set FAR to a known unknown value for debug exceptionsPeter Maydell
For debug exceptions due to breakpoints or the BKPT instruction which are taken to AArch32, the Fault Address Register is architecturally UNKNOWN. We were using that as license to simply not set env->exception.vaddress, but this isn't correct, because it will expose to the guest whatever old value was in that field when arm_cpu_do_interrupt_aarch32() writes it to the guest IFSR. That old value might be a FAR for a previous guest EL2 or secure exception, in which case we shouldn't show it to an EL1 or non-secure exception handler. It might also be a non-deterministic value, which is bad for record-and-replay. Clear env->exception.vaddress before taking breakpoint debug exceptions, to avoid this minor information leak. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-5-peter.maydell@linaro.org
2018-03-23target/arm: Set FSR for BKPT, BRK when raising exceptionPeter Maydell
Now that we have a helper function specifically for the BRK and BKPT instructions, we can set the exception.fsr there rather than in arm_cpu_do_interrupt_aarch32(). This allows us to use our new arm_debug_exception_fsr() helper. In particular this fixes a bug where we were hardcoding the short-form IFSR value, which is wrong if the target exception level has LPAE enabled. Fixes: https://bugs.launchpad.net/qemu/+bug/1756927 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-4-peter.maydell@linaro.org
2018-03-23target/arm: Factor out code to calculate FSR for debug exceptionsPeter Maydell
When a debug exception is taken to AArch32, it appears as a Prefetch Abort, and the Instruction Fault Status Register (IFSR) must be set. The IFSR has two possible formats, depending on whether LPAE is in use. Factor out the code in arm_debug_excp_handler() which picks an FSR value into its own utility function, update it to use arm_fi_to_lfsc() and arm_fi_to_sfsc() rather than hard-coded constants, and use the correct condition to select long or short format. In particular this fixes a bug where we could select the short format because we're at EL0 and the EL1 translation regime is not using LPAE, but then route the debug exception to EL2 because of MDCR_EL2.TDE and hand EL2 the wrong format FSR. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180320134114.30418-3-peter.maydell@linaro.org